Written by Cyfrin
Published on July 2, 2025

Cyfrin's Blockchain Security and Education Newsletter: July 2025

Explore Cyfrin’s July 2025 roundup: new courses, certifications, major DeFi exploits, building call graphs, and real-world blockchain security tips to stay ahead.


The GMX Perpetuals Trading course is live on Updraft! Master the GMX protocol and build advanced DeFi apps with insights into pricing, liquidity, and liquidation logic.



Read on for the month's update from Cyfrin, security news, and industry insights. 

From Cyfrin’s world

Updraft Career Tracks are live! Go from beginner to pro with structured learning paths in blockchain foundations, Solidity, Vyper, DeFi, wallets, and smart contract security. Hands-on, expert-designed, and built to launch your web3 career.



New courses and certifications:

Meet the new Solodit: The go-to resource for smart contract security research, now with streamlined UI, faster navigation, global search, and a fully updated checklist page.

CodeHawks Eagles success story: In just over two years, 0xStalin went from DevOps engineer to securing billions in DeFi as a top smart contract auditor.

Completed audits:


Insights to level up your blockchain security skills and knowledge: 


From the Solodit Checklist Explained series:

High-profile hacks and security incidents

Nobitex ($100M): Pro-Israel hackers exposed a pre-existing money laundering setup, including peelchains, chip-off wallets, and a “rescue” wallet active months before the breach.

Visual map of BTC transactions from Nobitex wallets funneling into a suspected laundering address.
Nobitex User Funds Being Transferred to a Potential Money Laundering Wallet. Source: Global Ledger

AlexLab ($16.1M): A token listing flaw enabled an attacker to use fake tokens to drain vaults via a crafted swap call, bypassing recent audits.

Resupply ($9.5M): A price manipulation attack on a synthetic stablecoin resulted in an exploiter inflating collateral value and borrowing reUSD with minimal risk.

Nervos ($3.7M): A ForceBridge access control flaw let an attacker drain multi-chain funds, swap them to ETH, and launder them through Tornado Cash.

BNB Chain bots ($2M): Poor function restrictions in MEV bot contracts let attackers drain assets via crafted internal calls.

Industry news and resources

Cyfrin’s Farouk ELALEM breaks down how Solana programs run on SBF bytecode in a custom BPF VM, balancing high throughput with strict safety checks.

Diagram showing the LLVM compilation process from frontend languages like Rust and C++ to backends including SBF and WebAssembly.
LLVM Overview; Source: Ubermensch

Pascal Caversaccio open-sourced a Bash script to rescue assets from compromised wallets using EIP-7702, paymasters, and a custom Vyper delegator. No ETH required.

SlowMist warns that jailbroken LLMs like WormGPT and GhostGPT are fueling advanced phishing, scam scripting, and malicious smart contract generation in crypto.

Areta’s State of Crypto Security 2025 report reveals why full-stack security is now essential across the entire web3 development lifecycle.

Safe{Wallet} Co-founder Lukas Schor shares how 100 ETH was rescued after a user bridged to a misconfigured smart account.

wellbyt3.eth notes that infrastructure projects offer $1M+ bounties, while DeFi contests cluster in the $250k–$999k range, hinting at payout variance by project type.

Radcipher explains how bug hunting is about pattern recognition and daily reps, not genius, and shares the system that took them from beginner to the top of audit contests.

Protocols recruit talent with Updraft Certifications

Schedule your certification exam today!
